The rapid adoption of IT and operational technology (OT) by the United Arab Emirates (UAE) has dramatically increased its attack surface, with nearly 155,000 recently discovered remotely accessible assets left vulnerable due to misconfigurations and insecure applications.

The vulnerable assets include remote access points, network administration interfaces, insecure network devices, and open file sharing systems, according to newly published findings in the “State of the UAE Cybersecurity Report 2024.”…

PRESS RELEASE

NEW YORK and ORLANDO, Fla., March 12, 2024 /PRNewswire/ — Claroty, the cyber-physical systems (CPS) protection company, released today at the annual HIMSS24 conference a new report that uncovered concerning data about the security of medical devices connected to healthcare organization networks such as hospitals and clinics.…

PRESS RELEASE

VANCOUVER, BC, March 12, 2024 /PRNewswire/ — Codezero, the innovator in secure enterprise microservices development, today announced a $3.5 million seed-funding round led by Ballistic Ventures, the venture capital firm dedicated exclusively to funding entrepreneurs and innovations in cybersecurity. This investment marks a significant leap forward in Codezero’s mission to reimagine multi-cloud, collaborative microservices development.…

PRESS RELEASE

NEW YORK and ORLANDO, Fla. — March 12, 2024 — Claroty, the cyber-physical systems (CPS) protection company, today announced at the annual HIMSS24 conference the release of the Advanced Anomaly Threat Detection (ATD) Module within the Medigate Platform from Claroty. The new capability provides healthcare organizations with the clinical context to properly identify, assess, and prioritize threats to connected medical devices, IoT, and building management systems (BMS).…

Whether it is to support compliance efforts for regulatory mandated logging, to feed daily security operations center (SOC) work, to support threat hunters or bolster incident response capabilities, security telemetry data stands as the lifeblood of a healthy cybersecurity program. But the more security relies on data and analysis to carry out its core missions, the more data it must manage, curate and protect—while keeping data-related costs tightly under control.…

A team of researchers from Google DeepMind, OpenAI, ETH Zurich, McGill University, and the University of Washington has developed a new attack for extracting key architectural information from proprietary large language models (LLMs) such as ChatGPT and Google PaLM-2.

The research showcases how adversaries can extract supposedly hidden data from an LLM-enabled chat bot so they can duplicate or steal its functionality entirely.…

Driven by the promise of new lines of revenue and lower manufacturing costs, automobile manufacturers are enthusiastically turning vehicles into next-gen application platforms. Increasingly, organizations that run fleets or have transport as a key part of their business can opt into “software defined” features that can be turned on and off over the air, offered on a subscription basis.…

A possible ransomware attack at Nissan has exposed personal information belonging to around 100,000 people in Australia and New Zealand.

The Japanese vehicle manufacturer has a troubled history with cyberattacks, dating back well over a decade. It has variously suffered a source code leak, a proof-of-concept exploit affecting its electric vehicles (EVs), and a data breach affecting more than 1 million customers.…

Three security vulnerabilities unearthed in the extension functions ChatGPT employs open the door to unauthorized, zero-click access to users’ accounts and services, including sensitive repositories on platforms like GitHub.

ChatGPT plug-ins and custom versions of ChatGPT published by developers extend the capabilities of the AI model, enabling interactions with external services by granting OpenAI’s popular generative AI chatbot access and permissions to execute tasks on various third-party websites, including GitHub and Google Drive.…

A sophisticated Brazilian banking Trojan is using a novel method for hiding its presence on Android devices.

“PixPirate” is a multipronged malware specially crafted to exploit Pix, an app for making bank transfers developed by the Central Bank of Brazil. Pix makes a good target for Brazil-nexus cybercriminals since, despite being hardly 3 years old, it’s already integrated into most Brazilian banks’ online platforms and sports more than 150 million users according to Statista.…

Last year, the National Institute of Standards and Technology (NIST) began the process of standardizing the post-quantum cryptography (PQC) algorithms it selected — the final step before making these mathematical tools available so that organizations around the world can integrate them into their encryption infrastructure. Following this, the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and NIST released a joint report containing recommendations for organizations to develop a quantum-readiness roadmap and prepare for future implementation of the PQC standards.…

While threat actors converged on Ivanti edge devices earlier this year, one of them moved quicker than the rest, deploying a one-day exploit the day after its public disclosure.

Of the five vulnerabilities that came to light in recent months, CVE-2024-21887 stood out. The command injection vulnerability in Ivanti Connect Secure and Policy Secure gateways was rated a “critical” 9.1 out of 10 on the CVSS scale; it has since proven a powerful launchpad for malicious developers.…

For all its guardrails and safety protocols, Google’s Gemini large language model (LLM) is as susceptible as its counterparts to attacks that could cause it to generate harmful content, disclose sensitive data, and execute malicious actions.

In a new study, researchers at HiddenLayer found they could manipulate Google’s AI technology to — among other things — generate election misinformation, explain in detail how to hotwire a car, and cause it to leak system prompts.…

Voice phishing, or vishing, is having a moment right now, with numerous active campaigns across the world that are ensnaring even savvy victims who might seem likely to know better, defrauding them in some cases of millions of dollars.

South Korea is one of the global regions being hit hard by the attack vector; in fact, a scam in August 2022 caused the largest amount ever stolen in a single vishing case in the country.…
